Closed
Bug 169085
Opened 22 years ago
Closed 22 years ago
No alert for Encrypted/Unencrypted mix and displays both during HTTPS session
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: ramzewe, Assigned: security-bugs)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; PPC; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 Build Identifier: Mozilla/5.0 (Macintosh; U; PPC; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 Netscape 7.0 does not alert the user when viewing a page that contains encrypted and unencrypted data, worse it displays the unencrypted data. This is contrary to the correct behavior in Netscape 4.x which alerts the user and does NOT display unencrypted data. Reproducible: Always Steps to Reproduce: 1.load the following link during an HTTPS session: <img src="http://images.00mm.net/metrowerks/images/spacer.gif" width="1" height="1" alt="" border="0"></td> (often ab-used for web bug email tracking...) Actual Results: 1. There WILL NOT be an alert indicating that "You have requested a secure document that contains some insecure information. The insecure information will not be shown." And the insecure information WILL be shown. Expected Results: Should produce the above alert and NOT show the insecure information, as would be the case using Netscape 4.x
ramzewe - Thanks for your input, but the correct place for reporting Netscape 7 bugs is <http://channels.netscape.com/ns/browsers/7/feedback/ default.jsp>. Unfortunately, mozilla.org doesn't have the resources to cope with their bugs as well as our own. :-) Additionally, lots of stuff which is broken in their version is now fixed in ours. However, if you see this problem in a recent build of Mozilla, feel free to return and ask for this bug to be reopened. Marking INVALID (don't take it personally, Bugzilla doesn't have a politer option ;-) Greg
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
Summary: No alert for Encrypted/Unencrypted mix and displays both during HTTPS session → No alert for Encrypted/Unencrypted mix and displays both during HTTPS session
Comment 2•15 years ago
|
||
I also don't see expected message while using flash player with Firefox 3.0.6. Also I found this message in support: No warning about unencrypted content when it should be thrown (http://support.mozilla.com/tiki-view_forum_thread.php?comments_parentId=259140&forumId=1). Indicated example is: https://www.opengrow.com/secure.html.
Comment 3•15 years ago
|
||
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)
You need to log in
before you can comment on or make changes to this bug.
Description
•